Is the cloud safe for dentistry?

Rob Gardner explains why using the cloud is safer for your dental practice.

When discussing cloud based software a common worry that you come across in the dental profession is ‘Is the cloud safe?’. This is entirely understandable, as custodians of patients personal data, dental practices have both the moral and legal duty to protect this sensitive information, yet this concern is often unfounded.

This article will outline why the cloud is usually a far safer environment than a local server.

When discussing data security it can be spilt into two distinct parts:

Protection from theft

Protection from loss.

The cloud offers superior solutions to both of these problems.

Protection from theft

Often practice owners perceive that storing their old server in the office of the surgery is safer than having patient details stored on the internet. Unfortunately this is often a misguided opinion.

If the server or any of the computers on its network are connected to the internet (which is generally always the case) then the machine is just as accessible as any cloud server. The main difference is that this setup lacks an army of security experts proactively monitoring and intercepting any suspicious activity.

Keeping in the loop

You may remember some large-scale software vulnerability stories that have recently started making the news. One of the more notable is the heartbleed vulnerability and later the shellshock vulnerability.

Cloud security experts were able to utilise experience and connections to assess and patch the vulnerability hours before it reached the news rooms, whereas the ubiquity of linux devices in networking equipment means many practices are still running vulnerable routers to this day.

This is far beyond the scope of the average dental practice to have the technical knowhow and IT knowledge to assess their own vulnerability and patch any devices. Being able to rely on a team of specialists to manage the defence and safety of data is often the better option.

Security by design

The second major point regarding the prevention of data theft is that the cloud is built around security being a primary concern, whereas many of the older systems were developed long ago in an era when security was far more lax. Typical mistakes on these servers mean that data is not as secure as it could be.

Most cloud-based security also comes with two-factor authorisation for an added layer of security.

Physical security

Lastly there is the physical security of the devices that the data is stored on. In data centres, access to the machines that store and process your patient information is extremely tightly controlled and equipped with CCTV and security patrols. A far cry from your average welcoming dental practice. Granted, it is not your usual burglar who will be interested in what is on a computer but there is a growing black market for selling data which may be of value.

Many users make no effort to wipe their drives before disposing of them meaning your patients data could end up anywhere. Some people are more proactive and reformat the servers hard drive before throwing them out, but information could easily be recovered by someone who was intent on extracting the information on it. Whereas at the end of life for a data centre hard drive it is shredded before it leaves the building.

Protection from loss

Just as bad as a patient’s data being stolen is that same data being lost. Without backups years of data can be lost in an instance.

Although it can often be semi automated, setting up and maintaining a watertight backup schedule is often very laborious. This is an area that really plays to the strengths of the cloud.

Most cloud systems perform a data backup multiple times a day and stored in multiple locations. Meaning even if a natural disaster made one of the backups inaccessible, data is still available from another location.

Getting back up and running

The cloud also provides a speed advantage for getting up and running again after a disaster. Take for example the recent flooding in northern England, after an event such as that it would likely take days and hours of labour to restore a backup onto new hardware. With a cloud based system the fact it is stored in the cloud means it would just be a case of logging on from another machine, allowing a practice to keep patients in the loop and setup temporarily in any location.

Bugs, viruses and anti-viruses

These days having up-to-date antivirus software installed on a computer is not enough to keep up in the cat and mouse game of malicious software. The virus signatures are evolving at such a rate and are becoming so good at hiding, the antivirus companies simply can’t keep up. It is a critical defence to have but it no longer the holy grail of protection it once was.

Traditionally many viruses can render a computer inoperable loosing all the data stored on a machine. Being in the cloud wont protect computers from such software but it does minimise the consequences of such a disaster.

Fin

As you can see the cloud is far from being an unsafe place to store patient data, with the right setup, it is in fact far safer than trying to manage it all locally.

Although it may have traditionally been argued the cloud provides a single target, cyber criminals have changed tactics. Rather than focusing their resources on a single target they scan the internet on mass for vulnerable devices, which is far more likely to be a system that is maintained on an ad hoc level.